The present application relates generally to an improved data processing apparatus and method and more specifically to a secure computer architecture.
One of the most important considerations of any computer architecture is the security of the computer architecture. One of the most difficult security attacks that a computer architecture can defend against is a physical attack where an attacker has physical access to the data processing device in which the computer architecture is utilized. With physical access, the attacker can perform active and passive attacks on the data whenever it is exposed. This includes exposure in the data flows between the central processing unit (CPU) and memory, storage, and network devices. Even if this data is encrypted, the encryption keys and thus, the clear data, can often be recovered through passive attacks, such as side channels, and through active attacks, such as covert channel Trojans and man in the middle data manipulation.
In a covert channel attack, a malicious program with access to sensitive information tries to convey this information to another party in violation of access control policies and mechanisms. The term “covert channel” describes any mechanisms used to bypass a security policy, such as a security policy that would prevent passing data from high security to low security elements. In the Bell and LaPadula model, described in Bell et al., “Secure Computer System: Unified Exposition and Multics Interpretation,” ESD-TR-75-306, March 1976, The MITRE Corporation, Bedford, Mass.: HQ Electronic Systems Division, Hanscom AFB, MA., available at http://csrc.nist.gov/publications/history/bell76.pdf, one is not allowed to pass information from higher security processes to lower security processes. The term “covert channel” also applies to privacy related data such as private information a client system may have that the owner does not want to leak to other systems on the internet and to sensitive data like encryption keys (see Lampson, B. W., “A Note on the Confinement Problem.” Communications of the ACM, October 1973. 16(10): p. 613-615).
There are many potential covert channel mechanisms. The two major categories of covert channel mechanisms include storage channels, which operate by modifying a stored object to communicate data, and timing channels which operate by affecting the relative timing of events to transmit information. Covert channel attacks inherently involve a malicious user or program with access to sensitive information attempting to transmit the sensitive information to a user or program without such access.
With side channels, in contrast, there exist inadvertent leaks which do not depend on a malicious sender, but which exist as a side effect of the system itself. Many different types of side channel attacks have been shown to be practical including:                Timing attacks—attacks based on measuring how much time various computations take to perform;        Architectural side-effect attacks—attacks which take advantage of side-effects of performing a computation on a particular machine architecture, such as evicting cache lines, and branch prediction time;        Power monitoring attacks—attacks which make use of varying power consumption by the hardware during computation;        TEMPEST (a.k.a. van Eck or radiation monitoring) attacks—attacks based on leaked electromagnetic radiation which can directly provide plaintexts and other information;        Light leakage attacks—for example, many networking devices have traffic LEDs which accurately leak the actual data to observers;        Acoustic cryptanalysis attacks—attacks which exploit sound produced during a computation; and        Traffic flow analysis attacks—attacks which gain information by watching data flow between devices, such as between memory and processors, or CPU to CPU.As it turns out all of these side channels can also be used by a sophisticated Trojan as a covert channel mechanism.        
In a timing attack, sensitive information, such as keys of RSA, DSS, and other crypto systems can be compromised by measuring the execution time of the overall cryptographic operation. This attack requires an attacker to be able to simulate or predict the timing behavior of the attacked device rather accurately. The time taken to do the cryptographic operation inadvertently leaks information about the keys.
Similarly, the power consumed by a cryptographic device can be analyzed during the processing of the cryptographic operation. The power consumption turns out to include deterministic data-dependent parts which can be exploited by simple power analysis and differential power analysis. Traffic flow analysis can learn information about the data, even if it is encrypted, by watching the flow of the data between systems.
Data security within a computer system has been attempted in several prior systems. One approach has been to encapsulate the entire computer in a protective wrapper that is tamper resistant or tamper responsive, so that the attacker cannot gain physical access to the internal data flows. National Institute of Standards' Federal Information Processing Standard (FIPS) PUB 140-2, “Security Requirements for Cryptographic Module” (available at csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf) and other publications in the NIST's FIP-140 series of publications, describe such tamper resistance methods and standards for cryptographic processing devices. While such techniques are feasible for preventing physical access, the necessary encapsulation is very expensive and does not scale well due to thermal conduction issues as well as maintenance issues for large scale systems.